lapeh 2.1.6 → 2.1.8

package/.env.example

@@ -1,22 +1,19 @@
-PORT=4000
+PORT=8000
 DATABASE_PROVIDER="postgresql"
 DATABASE_URL="postgresql://sianu:12341234@localhost:5432/db_example_test?schema=public"   
+
+# Used for all encryption-related tasks in the framework (JWT, etc.)
 JWT_SECRET="replace_this_with_a_secure_random_string"
 
-# Redis Configuration (Optional)
-# If REDIS_URL is not set or connection fails, the framework will automatically 
-# switch to an in-memory Redis mock (bundled). No installation required for development.
-# REDIS_URL="redis://lapeh:12341234@localhost:6379"
+# Framework Timezone
+TZ="Asia/Jakarta"
+
+# Redis Configuration (Optional)
+# If REDIS_URL is not set or connection fails, the framework will automatically 
+# switch to an in-memory Redis mock (bundled). No installation required for development.
+# REDIS_URL="redis://lapeh:12341234@localhost:6379"
 # NO_REDIS="true"
 
 # To force disable Redis and use in-memory mock even if Redis is available:
 # NO_REDIS="true"
 
-# mysql example:
-# DATABASE_PROVIDER="mysql"
-# DATABASE_URL="mysql://user:password@localhost:3306/news_db"
-# DATABASE_HOST="localhost"
-# DATABASE_PORT=3306
-# DATABASE_USER="user"
-# DATABASE_PASSWORD="password"
-# DATABASE_NAME="news_db"

package/doc/CHANGELOG.md

@@ -0,0 +1,37 @@
+# Dokumentasi Perubahan Lapeh Framework
+
+File ini mencatat semua perubahan, pembaruan, dan perbaikan yang dilakukan pada framework Lapeh, diurutkan berdasarkan tanggal.
+
+## [2025-12-27] - Pembaruan Struktur & Validasi
+
+### 🚀 Fitur Baru
+- **Laravel-style Validator**:
+  - Implementasi utility `Validator` baru di `src/utils/validator.ts` yang meniru gaya validasi Laravel.
+  - Mendukung rule string seperti `required|string|min:3|email`.
+  - Penambahan rule `unique` untuk pengecekan database otomatis (Prisma).
+  - Penambahan rule `mimes`, `image`, `max` (file size) untuk validasi upload file.
+  - Penambahan rule `sometimes` untuk field opsional.
+- **Framework Hardening (Keamanan & Stabilitas)**:
+  - **Rate Limiting**: Middleware anti-spam/brute-force di `src/middleware/rateLimit.ts`.
+  - **Request Logger**: Pencatatan log request masuk di `src/middleware/requestLogger.ts`.
+  - **Health Check**: Endpoint `/` kini mengembalikan status kesehatan server.
+  - **Graceful Shutdown**: Penanganan penutupan koneksi Database dan Redis yang aman saat server berhenti (`SIGTERM`/`SIGINT`).
+  - **Environment Validation**: Validasi variabel `.env` wajib (seperti `DATABASE_URL`, `JWT_SECRET`) saat startup.
+- **Struktur Folder Baru**:
+  - Pemisahan konfigurasi inti ke `src/core/` (`server.ts`, `database.ts`, `redis.ts`, `realtime.ts`) agar folder `src` lebih bersih.
+  - Sentralisasi route di `src/routes/index.ts` (WIP).
+
+### 🛠️ Perbaikan & Refactoring
+- **Controller Refactoring**:
+  - `AuthController`: Migrasi ke `Validator` baru, termasuk validasi upload avatar.
+  - `PetController`: Migrasi ke `Validator` baru.
+  - `RbacController`: Migrasi sebagian ke `Validator` baru.
+- **Pembersihan**:
+  - Penghapusan folder `src/schema/` (Zod schema lama) karena sudah digantikan oleh `Validator` utility.
+  - Penghapusan file duplikat/lama di root `src/` setelah migrasi ke `src/core/`.
+
+### 📝 Catatan Teknis
+- **Validator Async**: Method `fails()`, `passes()`, dan `validated()` kini bersifat `async` untuk mendukung pengecekan database (`unique`).
+- **Type Safety**: Semua perubahan telah diverifikasi dengan `npm run typecheck`.
+
+---

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "lapeh",
-  "version": "2.1.6",
+  "version": "2.1.8",
   "description": "Framework API Express yang siap pakai (Standardized)",
   "main": "index.js",
   "bin": {
@@ -74,6 +74,8 @@
     "slugify": "1.6.6",
     "socket.io": "4.8.3",
     "uuid": "13.0.0",
+    "winston": "^3.19.0",
+    "winston-daily-rotate-file": "^5.0.0",
     "zod": "3.23.8"
   },
   "devDependencies": {
@@ -81,6 +83,7 @@
     "@types/cors": "2.8.19",
     "@types/express": "5.0.6",
     "@types/jsonwebtoken": "9.0.10",
+    "@types/multer": "^2.0.0",
     "@types/node": "25.0.3",
     "@types/pg": "8.16.0",
     "@types/uuid": "10.0.0",

package/prisma/seed.ts

@@ -1,4 +1,4 @@
-import { prisma } from "../src/prisma";
+import { prisma } from "../src/core/database";
 import bcrypt from "bcryptjs";
 import { v4 as uuidv4 } from "uuid";
 import slugify from "slugify";

package/scripts/make-controller.js

@@ -37,7 +37,7 @@ let content = '';
 
 if (isResource) {
   content = `import { Request, Response } from "express";
-import { prisma } from "../prisma";
+import { prisma } from "../core/database";
 import { sendSuccess, sendError } from "../utils/response";
 import { getPagination, buildPaginationMeta } from "../utils/pagination";
 

package/src/controllers/authController.ts

@@ -1,35 +1,27 @@
-import { Request, Response } from "express";
-import { prisma } from "../prisma";
-import bcrypt from "bcryptjs";
-import jwt from "jsonwebtoken";
-import { v4 as uuidv4 } from "uuid";
-import { sendSuccess, sendError } from "../utils/response";
-import {
-  registerSchema,
-  loginSchema,
-  refreshSchema,
-  updatePasswordSchema,
-  updateProfileSchema,
-} from "../schema/auth-schema";
+import { Request, Response } from "express";
+import bcrypt from "bcryptjs";
+import jwt from "jsonwebtoken";
+import { v4 as uuidv4 } from "uuid";
+import { prisma } from "../core/database";
+import { sendSuccess, sendError } from "../utils/response";
+import { Validator } from "../utils/validator";
 
 export const ACCESS_TOKEN_EXPIRES_IN_SECONDS = 7 * 24 * 60 * 60;
 
 export async function register(req: Request, res: Response) {
-  const parsed = registerSchema.safeParse(req.body);
-  if (!parsed.success) {
-    const errors = parsed.error.flatten().fieldErrors;
-    sendError(res, 422, "Validation error", errors);
-    return;
-  }
-  const { email, name, password } = parsed.data;
-  const existing = await prisma.users.findUnique({ where: { email } });
-  if (existing) {
-    sendError(res, 409, "Email already used", {
-      field: "email",
-      message: "Email is already registered, please use another email",
-    });
+  const validator = Validator.make(req.body || {}, {
+    email: "required|email|unique:users,email",
+    name: "required|min:1",
+    password: "required|min:4",
+    confirmPassword: "required|min:4|same:password",
+  });
+
+  if (await validator.fails()) {
+    sendError(res, 422, "Validation error", validator.errors());
     return;
   }
+  const { email, name, password } = await validator.validated();
+  // Manual unique check removed as it is handled by validator
   const hash = await bcrypt.hash(password, 10);
   const user = await prisma.users.create({
     data: {
@@ -64,13 +56,16 @@ export async function register(req: Request, res: Response) {
 }
 
 export async function login(req: Request, res: Response) {
-  const parsed = loginSchema.safeParse(req.body);
-  if (!parsed.success) {
-    const errors = parsed.error.flatten().fieldErrors;
-    sendError(res, 422, "Validation error", errors);
+  const validator = Validator.make(req.body || {}, {
+    email: "required|email",
+    password: "required|min:4",
+  });
+
+  if (await validator.fails()) {
+    sendError(res, 422, "Validation error", validator.errors());
     return;
   }
-  const { email, password } = parsed.data;
+  const { email, password } = await validator.validated();
   const user = await prisma.users.findUnique({
     where: { email },
     include: {
@@ -170,10 +165,11 @@ export async function logout(req: Request, res: Response) {
 }
 
 export async function refreshToken(req: Request, res: Response) {
-  const parsed = refreshSchema.safeParse(req.body);
-  if (!parsed.success) {
-    const errors = parsed.error.flatten().fieldErrors;
-    sendError(res, 422, "Validation error", errors);
+  const validator = Validator.make(req.body || {}, {
+    refreshToken: "required|min:1",
+  });
+  if (await validator.fails()) {
+    sendError(res, 422, "Validation error", validator.errors());
     return;
   }
   const secret = process.env.JWT_SECRET;
@@ -182,7 +178,8 @@ export async function refreshToken(req: Request, res: Response) {
     return;
   }
   try {
-    const decoded = jwt.verify(parsed.data.refreshToken, secret) as {
+    const validatedData = await validator.validated();
+    const decoded = jwt.verify(validatedData.refreshToken, secret) as {
       userId: string;
       role: string;
       tokenType?: string;
@@ -238,10 +235,22 @@ export async function updateAvatar(req: Request, res: Response) {
     sendError(res, 401, "Unauthorized");
     return;
   }
-  const file = (req as any).file as {
-    filename: string;
-    path: string;
-  } | null;
+
+  const data = {
+    avatar: (req as any).file,
+  };
+
+  const validator = Validator.make(data, {
+    avatar: "nullable|image|mimes:jpeg,png,jpg,gif|max:2048",
+  });
+
+  if (await validator.fails()) {
+    sendError(res, 422, "Validation error", validator.errors());
+    return;
+  }
+
+  const { avatar: file } = await validator.validated();
+
   if (!file) {
     sendError(res, 400, "Avatar file is required");
     return;
@@ -271,13 +280,16 @@ export async function updatePassword(req: Request, res: Response) {
     sendError(res, 401, "Unauthorized");
     return;
   }
-  const parsed = updatePasswordSchema.safeParse(req.body);
-  if (!parsed.success) {
-    const errors = parsed.error.flatten().fieldErrors;
-    sendError(res, 422, "Validation error", errors);
+  const validator = Validator.make(req.body || {}, {
+    currentPassword: "required|min:4",
+    newPassword: "required|min:4",
+    confirmPassword: "required|min:4|same:newPassword",
+  });
+  if (await validator.fails()) {
+    sendError(res, 422, "Validation error", validator.errors());
     return;
   }
-  const { currentPassword, newPassword } = parsed.data;
+  const { currentPassword, newPassword } = await validator.validated();
   const user = await prisma.users.findUnique({
     where: { id: BigInt(payload.userId) },
   });
@@ -310,27 +322,18 @@ export async function updateProfile(req: Request, res: Response) {
     sendError(res, 401, "Unauthorized");
     return;
   }
-  const parsed = updateProfileSchema.safeParse(req.body);
-  if (!parsed.success) {
-    const errors = parsed.error.flatten().fieldErrors;
-    sendError(res, 422, "Validation error", errors);
-    return;
-  }
-  const { name, email } = parsed.data;
-  const userId = BigInt(payload.userId);
-  const existing = await prisma.users.findFirst({
-    where: {
-      email,
-      NOT: { id: userId },
-    },
+  const validator = Validator.make(req.body || {}, {
+    name: "required|min:1",
+    email: `required|email|unique:users,email,${payload.userId}`,
   });
-  if (existing) {
-    sendError(res, 409, "Email already used", {
-      field: "email",
-      message: "Email is already registered, please use another email",
-    });
+  if (await validator.fails()) {
+    sendError(res, 422, "Validation error", validator.errors());
     return;
   }
+  const { name, email } = await validator.validated();
+  const userId = BigInt(payload.userId);
+  // Manual unique check removed as it is handled by validator
+
   const updated = await prisma.users.update({
     where: { id: userId },
     data: {

package/src/controllers/petController.ts

@@ -1,9 +1,8 @@
-
 import { Request, Response } from "express";
-import { prisma } from "../prisma";
+import { prisma } from "../core/database";
 import { sendSuccess, sendError } from "../utils/response";
-import { createPetSchema, updatePetSchema } from "../schema/pet-schema";
 import { getPagination, buildPaginationMeta } from "../utils/pagination";
+import { Validator } from "../utils/validator";
 
 export async function index(req: Request, res: Response) {
   const { page, perPage, skip, take } = getPagination(req.query);
@@ -58,16 +57,21 @@ export async function show(req: Request, res: Response) {
 }
 
 export async function store(req: Request, res: Response) {
-  const parsed = createPetSchema.safeParse(req.body);
-  if (!parsed.success) {
-    const errors = parsed.error.flatten().fieldErrors;
-    sendError(res, 422, "Validation error", errors);
+  const validator = Validator.make(req.body || {}, {
+    name: "required|string",
+    species: "required|string",
+    age: "required|integer|min:1",
+  });
+
+  if (await validator.fails()) {
+    sendError(res, 422, "Validation error", validator.errors());
     return;
   }
 
+  const validatedData = await validator.validated();
   const pet = await prisma.pets.create({
     data: {
-      ...parsed.data,
+      ...validatedData,
       created_at: new Date(),
       updated_at: new Date(),
     },
@@ -81,11 +85,14 @@ export async function store(req: Request, res: Response) {
 
 export async function update(req: Request, res: Response) {
   const { id } = req.params;
-  const parsed = updatePetSchema.safeParse(req.body);
+  const validator = Validator.make(req.body || {}, {
+    name: "string",
+    species: "string",
+    age: "integer|min:1",
+  });
 
-  if (!parsed.success) {
-    const errors = parsed.error.flatten().fieldErrors;
-    sendError(res, 422, "Validation error", errors);
+  if (await validator.fails()) {
+    sendError(res, 422, "Validation error", validator.errors());
     return;
   }
 
@@ -98,10 +105,11 @@ export async function update(req: Request, res: Response) {
     return;
   }
 
+  const validatedData = await validator.validated();
   const updated = await prisma.pets.update({
     where: { id: BigInt(id) },
     data: {
-      ...parsed.data,
+      ...validatedData,
       updated_at: new Date(),
     },
   });
@@ -114,7 +122,7 @@ export async function update(req: Request, res: Response) {
 
 export async function destroy(req: Request, res: Response) {
   const { id } = req.params;
-  
+
   const existing = await prisma.pets.findUnique({
     where: { id: BigInt(id) },
   });